[SAC] [support.osuosl.org #30012] AutoReply: Open DNS Resolver at tracsvn.osgeo.osuosl.org (140.211.15.71)

apache · March 29, 2018, 9:55pm

Greetings,

This message has been automatically generated in response to the
creation of a support ticket call:

"Open DNS Resolver at tracsvn.osgeo.osuosl.org (140.211.15.71)",

a summary of which appears below.

There is no need to reply to this message right now. Your ticket has been
assigned an ID of [support.osuosl.org #30012]. Please include this string
in the subject line of all future correspondence about this issue. You may
also catch us on irc (irc.freenode.net) in #osuosl.

Thank you.
support@osuosl.org

-------------------------------------------------------------------------
Hello OSGeo,

We at the OSL have received a report indicating your project is running an open
DNS resolver at tracsvn.osgeo.osuosl.org (140.211.15.71).

Here's a copy of the report:
On Mon Mar 26 07:43:08 2018, abuse@nero.net wrote:

Report: openresolvers

Open DNS resolvers are used to generate an increasing number of
extremely large DDoS attacks, without any need for infected hosts to
participate. These resolvers may not be compromised, but are open to
abuse by others and pose a threat to the global network infrastructure.
Even if your DNS resolver is not performing recursive queries on behalf
of non-customer clients, it can still be abused to participate in a
DDoS. We strongly encourage you to filter these queries or configure
your DNS resolver to either refuse or rate-limit its responses.

* http://openresolverproject.org/
* https://www.dns-oarc.net/oarc/articles/upward-referrals-considered-harmful

event | ip | timestamp | details
------------------+------------------+---------------------+------------------
openresolvers | 140.211.15.71 | 2018-03-24 21:52:07 | responding ip= RCODE=0

recursion available=1

------------------+------------------+---------------------+------------------

Information about securing open resolvers is available in links in the report.
Could you please remedy this?

I'm unsure if I can post to sac@lists.osgeo.org, so I also added an address
from past correspondence in our ticketing system.

Thanks!

Alex_M · March 30, 2018, 12:14am

I assume this has something to do with how we 'fixed' DNS issues on
Trac. Sandro and Chris, can you figure out how to lock this down more?

Thanks,
Alex

On 03/29/2018 02:55 PM, OSL Systems Support Team via RT wrote:

Greetings,

This message has been automatically generated in response to the
creation of a support ticket call:

        "Open DNS Resolver at tracsvn.osgeo.osuosl.org (140.211.15.71)",

a summary of which appears below.

There is no need to reply to this message right now. Your ticket has been
assigned an ID of [support.osuosl.org #30012]. Please include this string
in the subject line of all future correspondence about this issue. You may
also catch us on irc (irc.freenode.net) in #osuosl.

                        Thank you.
                        support@osuosl.org

-------------------------------------------------------------------------
Hello OSGeo,

We at the OSL have received a report indicating your project is running an open
DNS resolver at tracsvn.osgeo.osuosl.org (140.211.15.71).

Here's a copy of the report:
On Mon Mar 26 07:43:08 2018, abuse@nero.net wrote:

Report: openresolvers

Open DNS resolvers are used to generate an increasing number of
extremely large DDoS attacks, without any need for infected hosts to
participate. These resolvers may not be compromised, but are open to
abuse by others and pose a threat to the global network infrastructure.
Even if your DNS resolver is not performing recursive queries on behalf
of non-customer clients, it can still be abused to participate in a
DDoS. We strongly encourage you to filter these queries or configure
your DNS resolver to either refuse or rate-limit its responses.

* http://openresolverproject.org/
* https://www.dns-oarc.net/oarc/articles/upward-referrals-considered-harmful

event | ip | timestamp | details
------------------+------------------+---------------------+------------------
openresolvers | 140.211.15.71 | 2018-03-24 21:52:07 | responding ip= RCODE=0

recursion available=1

------------------+------------------+---------------------+------------------

Information about securing open resolvers is available in links in the report.
Could you please remedy this?

I'm unsure if I can post to sac@lists.osgeo.org, so I also added an address
from past correspondence in our ticketing system.

Thanks!
_______________________________________________
Sac mailing list
Sac@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/sac

apache · March 30, 2018, 12:14am

I assume this has something to do with how we 'fixed' DNS issues on
Trac. Sandro and Chris, can you figure out how to lock this down more?

Thanks,
Alex

On 03/29/2018 02:55 PM, OSL Systems Support Team via RT wrote:

Greetings,

This message has been automatically generated in response to the
creation of a support ticket call:

        "Open DNS Resolver at tracsvn.osgeo.osuosl.org (140.211.15.71)",

a summary of which appears below.

There is no need to reply to this message right now. Your ticket has been
assigned an ID of [support.osuosl.org #30012]. Please include this string
in the subject line of all future correspondence about this issue. You may
also catch us on irc (irc.freenode.net) in #osuosl.

                        Thank you.
                        support@osuosl.org

-------------------------------------------------------------------------
Hello OSGeo,

We at the OSL have received a report indicating your project is running an open
DNS resolver at tracsvn.osgeo.osuosl.org (140.211.15.71).

Here's a copy of the report:
On Mon Mar 26 07:43:08 2018, abuse@nero.net wrote:

Report: openresolvers

Open DNS resolvers are used to generate an increasing number of
extremely large DDoS attacks, without any need for infected hosts to
participate. These resolvers may not be compromised, but are open to
abuse by others and pose a threat to the global network infrastructure.
Even if your DNS resolver is not performing recursive queries on behalf
of non-customer clients, it can still be abused to participate in a
DDoS. We strongly encourage you to filter these queries or configure
your DNS resolver to either refuse or rate-limit its responses.

* http://openresolverproject.org/
* https://www.dns-oarc.net/oarc/articles/upward-referrals-considered-harmful

event | ip | timestamp | details
------------------+------------------+---------------------+------------------
openresolvers | 140.211.15.71 | 2018-03-24 21:52:07 | responding ip= RCODE=0

recursion available=1

------------------+------------------+---------------------+------------------

Information about securing open resolvers is available in links in the report.
Could you please remedy this?

I'm unsure if I can post to sac@lists.osgeo.org, so I also added an address
from past correspondence in our ticketing system.

Thanks!
_______________________________________________
Sac mailing list
Sac@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/sac

Martin_Spott · March 30, 2018, 11:00am

Alex M wrote:

I assume this has something to do with how we 'fixed' DNS issues on
Trac. Sandro and Chris, can you figure out how to lock this down more?

Did you install dnsmasq ?

Martin
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------

strk · March 31, 2018, 9:08pm

On Fri, Mar 30, 2018 at 11:00:15AM +0000, Martin Spott wrote:

Alex M wrote:

> I assume this has something to do with how we 'fixed' DNS issues on
> Trac. Sandro and Chris, can you figure out how to lock this down more?

Did you install dnsmasq ?

Yes, see https://trac.osgeo.org/osgeo/ticket/1693#comment:10

--strk;

apache · April 9, 2018, 8:53pm

Hello,

Any progress/insight on this?

Thank you!

On Thu Mar 29 17:14:17 2018, tech@wildintellect.com wrote:

I assume this has something to do with how we 'fixed' DNS issues on
Trac. Sandro and Chris, can you figure out how to lock this down more?

Thanks,
Alex

On 03/29/2018 02:55 PM, OSL Systems Support Team via RT wrote:
> Greetings,
>
> This message has been automatically generated in response to the
> creation of a support ticket call:
>
> "Open DNS Resolver at tracsvn.osgeo.osuosl.org
(140.211.15.71)",
>
> a summary of which appears below.
>
> There is no need to reply to this message right now. Your ticket has
been
> assigned an ID of [support.osuosl.org #30012]. Please include this
string
> in the subject line of all future correspondence about this issue.
You may
> also catch us on irc (irc.freenode.net) in #osuosl.
>
>
>
> Thank you.
> support@osuosl.org
>
>
-------------------------------------------------------------------------
> Hello OSGeo,
>
> We at the OSL have received a report indicating your project is
running an open
> DNS resolver at tracsvn.osgeo.osuosl.org (140.211.15.71).
>
> Here's a copy of the report:
> On Mon Mar 26 07:43:08 2018, abuse@nero.net wrote:
>> Report: openresolvers
>>
>> Open DNS resolvers are used to generate an increasing number of
>> extremely large DDoS attacks, without any need for infected hosts
to
>> participate. These resolvers may not be compromised, but are open
to
>> abuse by others and pose a threat to the global network
infrastructure.
>> Even if your DNS resolver is not performing recursive queries on
behalf
>> of non-customer clients, it can still be abused to participate in a
>> DDoS. We strongly encourage you to filter these queries or
configure
>> your DNS resolver to either refuse or rate-limit its responses.
>>
>> * http://openresolverproject.org/
>> * https://www.dns-oarc.net/oarc/articles/upward-referrals-
considered-harmful
>>
>>
>> event | ip | timestamp | details
>>

------------------+------------------+---------------------+------------------

>> openresolvers | 140.211.15.71 | 2018-03-24 21:52:07 | responding
ip= RCODE=0
> recursion available=1
>>

------------------+------------------+---------------------+------------------

>
> Information about securing open resolvers is available in links in
the report.
> Could you please remedy this?
>
> I'm unsure if I can post to sac@lists.osgeo.org, so I also added an
address
> from past correspondence in our ticketing system.
>
> Thanks!
> _______________________________________________
> Sac mailing list
> Sac@lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/sac
>

--
Travis Whitehead
Student Systems Engineer
Oregon State University | Open Source Lab

Alex_M · April 9, 2018, 9:59pm

Yes, I believe we modified DNSmasq to only take local requests.
https://trac.osgeo.org/osgeo/ticket/1693#comment:18

On 04/09/2018 01:53 PM, Travis Whitehead via RT wrote:

Hello,

Any progress/insight on this?

Thank you!

On Thu Mar 29 17:14:17 2018, tech@wildintellect.com wrote:

I assume this has something to do with how we 'fixed' DNS issues on
Trac. Sandro and Chris, can you figure out how to lock this down more?

Thanks,
Alex

On 03/29/2018 02:55 PM, OSL Systems Support Team via RT wrote:

Greetings,

This message has been automatically generated in response to the
creation of a support ticket call:

"Open DNS Resolver at tracsvn.osgeo.osuosl.org

(140.211.15.71)",

a summary of which appears below.

There is no need to reply to this message right now. Your ticket has

been

assigned an ID of [support.osuosl.org #30012]. Please include this

string

in the subject line of all future correspondence about this issue.

You may

also catch us on irc (irc.freenode.net) in #osuosl.

Thank you.
support@osuosl.org

-------------------------------------------------------------------------

Hello OSGeo,

We at the OSL have received a report indicating your project is

running an open

DNS resolver at tracsvn.osgeo.osuosl.org (140.211.15.71).

Here's a copy of the report:
On Mon Mar 26 07:43:08 2018, abuse@nero.net wrote:

Report: openresolvers

Open DNS resolvers are used to generate an increasing number of
extremely large DDoS attacks, without any need for infected hosts

to

participate. These resolvers may not be compromised, but are open

to

abuse by others and pose a threat to the global network

infrastructure.

Even if your DNS resolver is not performing recursive queries on

behalf

of non-customer clients, it can still be abused to participate in a
DDoS. We strongly encourage you to filter these queries or

configure

your DNS resolver to either refuse or rate-limit its responses.

* http://openresolverproject.org/
* https://www.dns-oarc.net/oarc/articles/upward-referrals-

considered-harmful

event | ip | timestamp | details

------------------+------------------+---------------------+------------------

openresolvers | 140.211.15.71 | 2018-03-24 21:52:07 | responding

ip= RCODE=0

recursion available=1

------------------+------------------+---------------------+------------------

Information about securing open resolvers is available in links in

the report.

Could you please remedy this?

I'm unsure if I can post to sac@lists.osgeo.org, so I also added an

address

from past correspondence in our ticketing system.

Thanks!
_______________________________________________
Sac mailing list
Sac@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/sac

--
Travis Whitehead
Student Systems Engineer
Oregon State University | Open Source Lab

apache · April 9, 2018, 10:00pm

Yes, I believe we modified DNSmasq to only take local requests.
https://trac.osgeo.org/osgeo/ticket/1693#comment:18

On 04/09/2018 01:53 PM, Travis Whitehead via RT wrote:

Hello,

Any progress/insight on this?

Thank you!

On Thu Mar 29 17:14:17 2018, tech@wildintellect.com wrote:

I assume this has something to do with how we 'fixed' DNS issues on
Trac. Sandro and Chris, can you figure out how to lock this down more?

Thanks,
Alex

On 03/29/2018 02:55 PM, OSL Systems Support Team via RT wrote:

Greetings,

This message has been automatically generated in response to the
creation of a support ticket call:

"Open DNS Resolver at tracsvn.osgeo.osuosl.org

(140.211.15.71)",

a summary of which appears below.

There is no need to reply to this message right now. Your ticket has

been

assigned an ID of [support.osuosl.org #30012]. Please include this

string

in the subject line of all future correspondence about this issue.

You may

also catch us on irc (irc.freenode.net) in #osuosl.

Thank you.
support@osuosl.org

-------------------------------------------------------------------------

Hello OSGeo,

We at the OSL have received a report indicating your project is

running an open

DNS resolver at tracsvn.osgeo.osuosl.org (140.211.15.71).

Here's a copy of the report:
On Mon Mar 26 07:43:08 2018, abuse@nero.net wrote:

Report: openresolvers

Open DNS resolvers are used to generate an increasing number of
extremely large DDoS attacks, without any need for infected hosts

to

participate. These resolvers may not be compromised, but are open

to

abuse by others and pose a threat to the global network

infrastructure.

Even if your DNS resolver is not performing recursive queries on

behalf

of non-customer clients, it can still be abused to participate in a
DDoS. We strongly encourage you to filter these queries or

configure

your DNS resolver to either refuse or rate-limit its responses.

* http://openresolverproject.org/
* https://www.dns-oarc.net/oarc/articles/upward-referrals-

considered-harmful

event | ip | timestamp | details

------------------+------------------+---------------------+------------------

openresolvers | 140.211.15.71 | 2018-03-24 21:52:07 | responding

ip= RCODE=0

recursion available=1

------------------+------------------+---------------------+------------------

Information about securing open resolvers is available in links in

the report.

Could you please remedy this?

I'm unsure if I can post to sac@lists.osgeo.org, so I also added an

address

from past correspondence in our ticketing system.

Thanks!
_______________________________________________
Sac mailing list
Sac@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/sac

--
Travis Whitehead
Student Systems Engineer
Oregon State University | Open Source Lab

apache · April 9, 2018, 10:24pm

Yep, tracsvn.osgeo.osuosl.org no longer appears to rsepond to my (external)
requests.

Thank you for the quick resolution!

On Mon Apr 09 15:00:01 2018, tech@wildintellect.com wrote:

Yes, I believe we modified DNSmasq to only take local requests.
https://trac.osgeo.org/osgeo/ticket/1693#comment:18

On 04/09/2018 01:53 PM, Travis Whitehead via RT wrote:
> Hello,
>
> Any progress/insight on this?
>
> Thank you!
>
> On Thu Mar 29 17:14:17 2018, tech@wildintellect.com wrote:
>> I assume this has something to do with how we 'fixed' DNS issues on
>> Trac. Sandro and Chris, can you figure out how to lock this down
more?
>>
>> Thanks,
>> Alex
>>
>> On 03/29/2018 02:55 PM, OSL Systems Support Team via RT wrote:
>>> Greetings,
>>>
>>> This message has been automatically generated in response to the
>>> creation of a support ticket call:
>>>
>>> "Open DNS Resolver at tracsvn.osgeo.osuosl.org
>> (140.211.15.71)",
>>>
>>> a summary of which appears below.
>>>
>>> There is no need to reply to this message right now. Your ticket
has
>> been
>>> assigned an ID of [support.osuosl.org #30012]. Please include this
>> string
>>> in the subject line of all future correspondence about this issue.
>> You may
>>> also catch us on irc (irc.freenode.net) in #osuosl.
>>>
>>>
>>>
>>> Thank you.
>>> support@osuosl.org
>>>
>>>
>>
-------------------------------------------------------------------------
>>> Hello OSGeo,
>>>
>>> We at the OSL have received a report indicating your project is
>> running an open
>>> DNS resolver at tracsvn.osgeo.osuosl.org (140.211.15.71).
>>>
>>> Here's a copy of the report:
>>> On Mon Mar 26 07:43:08 2018, abuse@nero.net wrote:
>>>> Report: openresolvers
>>>>
>>>> Open DNS resolvers are used to generate an increasing number of
>>>> extremely large DDoS attacks, without any need for infected hosts
>> to
>>>> participate. These resolvers may not be compromised, but are open
>> to
>>>> abuse by others and pose a threat to the global network
>> infrastructure.
>>>> Even if your DNS resolver is not performing recursive queries on
>> behalf
>>>> of non-customer clients, it can still be abused to participate in
a
>>>> DDoS. We strongly encourage you to filter these queries or
>> configure
>>>> your DNS resolver to either refuse or rate-limit its responses.
>>>>
>>>> * http://openresolverproject.org/
>>>> * https://www.dns-oarc.net/oarc/articles/upward-referrals-
>> considered-harmful
>>>>
>>>>
>>>> event | ip | timestamp | details
>>>>
>>
>

------------------+------------------+---------------------+------------------

>>>> openresolvers | 140.211.15.71 | 2018-03-24 21:52:07 | responding
>> ip= RCODE=0
>>> recursion available=1
>>>>
>>
>

------------------+------------------+---------------------+------------------

>>>
>>> Information about securing open resolvers is available in links in
>> the report.
>>> Could you please remedy this?
>>>
>>> I'm unsure if I can post to sac@lists.osgeo.org, so I also added
an
>> address
>>> from past correspondence in our ticketing system.
>>>
>>> Thanks!
>>> _______________________________________________
>>> Sac mailing list
>>> Sac@lists.osgeo.org
>>> https://lists.osgeo.org/mailman/listinfo/sac
>>>
>>
>
>
> --
> Travis Whitehead
> Student Systems Engineer
> Oregon State University | Open Source Lab
>

--
Travis Whitehead
Student Systems Engineer
Oregon State University | Open Source Lab